SECURITY TROUBLESHOOTING

Providing Onsite Technical Support

This objective of this service is to provide onsite technical support to assist the isolation and resolution of known performance and stability conditions concerning the CA-Top Secret security system and to establish a software-based monitoring tool whose results (which accumulate), may be used as part of a later, comprehensive effort to identify and remove obsolete entries within the CA-Top Secret security system database.

Security Troubleshooting

For two weeks each, senior consultants will perform problem diagnosis and isolation in four areas where conditions are known to exist which adversely affect the current CA-Top Secret environment. These conditions are not deficiencies of the product as supplied by CA. Rather, these conditions are the more likely the result of options or interfaces needing attention. In each of these four problem areas, problem diagnosis and isolation will be limited a best effort basis within the given timetable. Work will be closely coordinated with the CA Support center for CA-Top Secret. TSS traces and SVC-Dumps, initiated via the Operator or via SLIP-Trap commands, will be obtained and studied. IPCS dump analysis software must be available. IBM IIN (a.k.a. Advantis or ATT-Net) network access must be available. Resolutions will be implemented only as per client policies, schedules and practices.

I/O

Excessive I/O appears to be occurring to the CA-Top Secret security file. Diagnosis will be done to identify the most frequent requests resulting in I/O. Once understood, the best options for I/O reduction will be identified. TSS trace options will be enabled for very short periods (< l min).

DB2

Possibly related to both the known problems of performance and excessive I/O, it was observed that at least one DB2-related userid was performing an excessive number of signon requests each day (+100,000). The cause of this seemingly excessive signon activity will be diagnosed and isolated as possible.

Performance

Overall security-file performance and file lock settings (specified via the TIMELOCK control option) will be examined. Recommendations will be made based on findings. Production problems have occurred whereby “security file locked” conditions have halted system processing. The cause of these conditions will be diagnosed to the extent possible.

CPF

A condition is known to exist whereby the Command Propagation Facility (CPF) of CA-Top Secret fails after, what is termed, a backlog occurs. Attempts will be made to diagnose this condition and identify its resolution. Attempts will be made to reproduce this condition.

For each of the four problem areas identified above, a statement of findings and recommendations will be published within 5 days of the completion of onsite analysis.

FREE CONSULTATION

Schedule a complimentary consultation with our team of mainframe and security specialists today.